home / OpenBSD lite
This page describes a 'lite' OpenBSD desktop with graphical applications. I used a Thinkpad X60 with 2Gb RAM and a 60Gb SSD.
Note Oct 30th 2020: I used sysupgrade
and pkg_add -u
to upgrade from OpenBSD 6.7 to OpenBSD 6.8 on this old Thinkpad. Seems OK.
I have linked to the OpenBSD FAQ and the man pages for commands
throughout this page. Don't forget to skim man
afterboot
, and man hier
will be helpful if you plan on editing the partition layout instead of
accepting the installer's [A]utomatic suggestion.
fvwm
fw_update
syspatch
pkg_add
to install applicationsdoas.conf
to allow user to power off the computerapmd
and use a script to restart WiFi on resumexlock
doas.conf
to allow user mounting of external storagefvwm
to look normal(ish!)jwm
.Xresources
file to customise xterm
and other applications/etc/hosts
to block unwanted Web addresses/etc/daily
, /etc/weekly
and /etc/monthly
scripts and locate
texlive-minimal
from packagesSee OpenBSD FAQ - Installation Guide especially the Pre-installation Checklist
OpenBSD has one of the easiest installers I've ever used. It just asks a series of questions with sensible defaults in brackets and takes a couple of minutes to install the base system including X Windows.
The rest of this page assumes that the graphical login called xenodm
was enabled. If it wasn't xenodm
can be enabled using the rcctl
command as root...
foo# rcctl enable xenodm
foo# reboot
Rebooting into xenodm and logging in reveals the OpenBSD default window
manager called fvwm
...
fvwm
There should be a single xterm
window in the top left of the screen.
The font might be really small. Ctrl-Right Mouse Click over the window
and select 'Huge' from the VT Fonts menu that appears. The xterm
window will get larger and the text more readable.
Silence the bell for the session...
foo$ xset b off
If you need to switch off the computer part way through configuration
use shutdown
as root to close the computer down cleanly...
foo# shutdown -ph now
If the fvwm
window manager is too annoying, Ctrl-F2 for a console
log-in and enter the commands below there. Ctrl-F5 to return to the X
Window session.
/etc/X11/xenodm/Xsetup_0
to make options
permanentEdit (as root) the /etc/X11/xenodm/Xsetup_0
file to
xconsole
starting and to silence the bell and set a
background colour for the xenodm
login screen in place of
the default check pattern. My Xsetup_0
file looks like
this...
foo$ cat /etc/X11/xenodm/Xsetup_0 #!/bin/sh # $OpenBSD: Xsetup_0,v 1.6 2019/06/29 13:33:06 espie Exp $ #xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail xset b off xset b 0 0 0 xsetroot -solid WebMaroon # install package openbsd-backgrounds # then uncomment: # # if test -x /usr/local/bin/openbsd-wallpaper # then # /usr/local/bin/openbsd-wallpaper # fi # sxpm OpenBSD.xpm &
I have just commented out the xconsole
line and added
commands to silence the bell and set a named colour for the log-in
screen. OpenBSD base provides the vi
and mg
editors. I tend to wait until I have
nano
installed before editing configuration files...
Fun fact: OpenBSD base comes with xwd
that can take a
screen shot of the screen and xwud
that can display the
resulting file. GIMP can load xwd
files. Try...
foo$ sleep 10 && xwd -root > screenie.xwd
foo$ xwud -scale -in screenie.xwd
fw_update
Skim the OpenBSD FAQ - Networking, especially the Wireless Networking section.
For a wired connection, type the following as root...
foo# ifconfig em0 up
foo# dhclient em0
...where em0
is the interface for the network card. The dhclient
should print a message with details of the lease.
fw_update
See man fw_update
and
possibly the firmware download
site.
OpenBSD make available some firmware packages which, for licencing reasons, they are not able to distribute in the installer image. As root type...
foo# fw_update
If a wired connection is not available and the WiFi card itself
requires firmware then the relevant package can be
downloaded on another
computer and copied to the target machine. Use fw_update -p
command
with the path to firmware package to install the firmware.
Use ifconfig
without arguments to find a list of the interfaces on the
computer. My computer has the WiFi interface urtw0
.
I use a hostname.if
file to connect to known WiFi networks...
foo$ cat /etc/hostname.urtw0
join MyHomeNetwork wpakey PassWord
dhcp
OpenBSD comes with vi
or mg
as terminal editors. The echo
command
can be easier for creating short files, as root...
foo# echo "join myhomewifi wpakey pass_phrase" >> /etc/hostname.urtw0
foo# echo "dhcp" >> /etc/hostname.urtw0
Then restart the network...
foo# sh /etc/netstart
Check you have a functioning connection using ping...
foo# ping -c 3 openbsd.org
syspatch
See man syspatch
and the OpenBSD 6.7 Errata page
Run the syspatch
command as root without arguments...
foo# syspatch
Get/Verify syspatch67-001_wscons.tgz 100% |*************| 113 KB 00:00
Installing patch 001_wscons
Get/Verify syspatch67-002_rpki.tgz 100% |***************| 36470 00:00
Installing patch 002_rpki
.... more lines ....
Relinking to create unique kernel... done; reboot to load the new kernel
Errata can be reviewed under /var/syspatch
...and as suggested, reboot into the new kernel...
foo# reboot
pkg_add
to install applicationsThe OpenBSD FAQ - Package management page provides a clear overview. A content distribution network address for OpenBSD mirrors is set during installation...
foo$ cat /etc/installurl
https://cdn.openbsd.org/pub/OpenBSD
Type the name of the package as an argument to pkg_add to install the
package and all its dependencies. As an example, I usually install the
nano
editor as I find it easier to use than vi
or mg
...
foo# pkg_add nano
quirks-3.124 signed on 2019-04-15T12:10:16Z # example from 6.5
quirks-3.124: ok
nano-4.0:libiconv-1.14p3: ok
nano-4.0:gettext-0.19.8.1p3: ok
nano-4.0: ok
Application choice is quite personal but most people will need an up to date Web browser. Firefox and Chromium are both available in packages, I tend towards Firefox.
Larger and more complex packages will provide pkg-readmes located at /usr/local/share/doc/pkg-readmes/. Reading these will save time and mystification as features change. As an example of what I mean have a look at the pkg-readme for Firefox...
foo$ less /usr/local/share/doc/pkg-readmes/firefox
The section on pledge(2) and unveil(2) Support
illustrates a feature
of OpenBSD. The Chromium package in OpenBSD has also been compiled with
pledge/unveil support.
Occasionally, there is a connection glitch and a package will not be
correctly downloaded. pkg_add
will mark such packages with the prefix
partial-
. I find that repeating the pkg_add
command a bit later
clears those up.
doas.conf
to allow user to power off the computerSee man doas
, man doas.conf
and Ted Unangst's doas
mastery.
The doas
command is the OpenBSD replacement for sudo
. Adding the
following lines to the /etc/doas.conf
file will allow the user to
power off and reboot the computer...
permit nopass keith as root cmd reboot
permit nopass keith as root cmd shutdown
...to run the reboot
command as a user you type...
foo$ doas reboot
...at a terminal prompt. The command doas reboot
can also be used in
the Window Manager menus &c.
apmd
and use a script to restart WiFi on resumeSee man apmd
.
Just type...
foo# rcctl enable apmd
foo# rcctl set apmd flags -A
foo# rcctl start apmd
...the /etc/rc.conf.local
file now looks like this...
foo$ cat /etc/rc.conf.local
apmd_flags=-A
xenodm_flags=
Type zzz
at a terminal prompt to check suspend to RAM. When the laptop
resumes, try ping google.com
in the terminal to see if the WiFi
restarts automatically.
I need to restart networking on resume because of the USB WiFi adaptor,
so I use the following three line script in /etc/apm/resume
...
foo$ cat /etc/apm/resume
#!/bin/sh
sleep 10 # Gives time for the USB WiFi adaptor to settle
sh /etc/netstart
Use mkdir /etc/apm
as root to create the directory. Because
/etc/apm/resume
is a script use chmod +x /etc/apm/resume
to mark the file as executable.
xlock
See man xenodm
especially the example user .xsession
files in the Session Program section. The key fact to keep in mind is that
xenodm
runs as the user who logged in not as root.
Create a .xsession
file in the home directory. For now specify fvwm
as the window manager. Mine looks like this...
foo$ cat .xsession
xidle -program "/usr/X11R6/bin/xlock -mode blank -lockdelay 10 -timeelapsed" \
-timeout 600 &
exec fvwm
The xidle
line comes straight from the xidle
man page with minor
alterations. See man xlock
for the options to the command in
quotes. The '&' character at the end of the line runs xidle
in the
background. The exec fvwm
line runs fvwm
which we want in the
foreground hence no '&'.
To lock the screen when suspending to RAM, a script is needed in
/etc/apm/suspend
. I copied mine from a blog post by Daniel
Jakots...
foo$ cat /etc/apm/suspend
#!/bin/sh
doas -u keith env DISPLAY=:0 XAUTHORITY=/home/keith/.Xauthority xlock &
The doas line is needed to allow root
to run a command as user
. Two
lines are needed in /etc/doas.conf
, one for the env command and one
for xlock...
permit nopass root as keith cmd xlock
permit nopass root as keith cmd env
At present, if the laptop is suspended while the screen is locked two
instances of the xlock
program are running on resume, so the password
has to be typed in twice. I'm experimenting with a conditional
statement in /etc/apm/suspend
to check if xlock
is already running.
doas.conf
to allow user mounting of external storageSee OpenBSD FAQ - Disk Setup / Disks and Partitions for background,
especially the numbering of disks which follows a different convention
to Linux. Skim the man pages for mount
, umount
, fstab
and when
installed ntfs-3g
for background.
I need to be able to read and write to an NTFS formatted external hard
drive, so I install the ntfs_3g
package which provides the ntfs-3g
command. I also need to read and write to VFAT formatted USB drives. The
following lines added to /etc/doas.conf
allow the user to mount and
unmount drives...
permit nopass keith as root cmd mount
permit nopass keith as root cmd umount
permit nopass keith as root cmd ntfs-3g
Mounting a USB stick to ~/usb
as user looks like this...
foo$ mkdir ~/usb
foo$ dmesg | grep sd1
sd1 at scsibus4 targ 1 lun 0: <, USB DISK 2.0, PMAP> removable serial. numbers
foo$ doas mount /dev/sd1i ~/usb
foo$ ls ~/usb
music
planner.pdf
With this VFAT formatted USB stick plugged in, I can mount my NTFS
formatted backup drive to ~/backup
like this...
foo$ mkdir ~/backup
foo$ dmesg | grep sd2
sd2 at scsibus5 targ 1 lun 0: <WD, Elements 10B8, 1012> serial. numbers
foo$ ls ~/backup
foo$ doas ntfs-3g /dev/sd2i ~/backup
foo$ ls ~/backup
Music System Volume Information
Pix X220
Below are the commands for unmounting both drives...
foo$ doas umount ~/usb
foo$ doas umount ~/backup
foo$ ls usb
foo$ ls backup
For some reason, ntfs-3g
gives an error message if you try to unmount
from /dev/sd2i
, so I just unmount from the target directories on my
home drive for both commands.
Notice how the man ntfs-3g
page uses Linux disk numbering. One example
of the difference between OpenBSD base documentation and that for
third-party packages.
fvwm
to look normal(ish!)See man fvwm
, good reading for rainy days or long commutes. The
version in OpenBSD base is very old so be careful of Web searches.
The behaviour of fvwm
is
defined by a .fvwmrc
file. Copy
/usr/X11R6/lib/X11/fvwm/.fvwmrc
to `~/.jwmrc` and change
permissions to alter the styles and actions in the copy, see
below...
foo$ cp /usr/X11R6/lib/X11/fvwm/.fvwmrc .fvwmrc
foo$ ls -la
-r--r--r-- 1 keith keith 18178 Jun 22 21:24 .fvwmrc
foo$ chmod 644 .fvwmrc
foo$ ls -la
-rw-r--r-- 1 keith keith 18178 Jun 22 21:24 .fvwmrc
fvwm
must be restarted to see the effect of changes to
.fvwmrc
. from inside a session. The Restart command is
provided in the left click menu in the default configuration.
There are many .fvwmrc
files to be found on the
Web. My current work in progress .fvwmrc
file is loosely based on one
that Ingo
Schwarze posted to the openbsd-misc mailing list some years ago.
I've added back some of the bloat he stripped out, I like my Alt-Tab
cycling through windows and I like the ability to move and focus a
window by clicking on the titlebar.
jwm
See the JWM home page for detailed configuration information. man
jwm
defines the syntax of the configuration file but lacks the
detailed examples available on the Web page.
JWM is a small floating window manager with task bar that is written in
C and configured using a single XML file. The default presentation is
usable, but the icon paths are not adapted for use on OpenBSD. My
.jwmrc
is default with a few very small tweaks mainly to the menu for
new programs. On OpenBSD the default .jwmrc
file is located at
/etc/system.jwmrc
and at /usr/local/share/examples/jwm/system.jwmrc
for some reason.
.Xresources
file to customise xterm
and other applicationsThe .Xdefaults
file is used to change font and colour settings and to determine the
style of the Xterm
terminal. My .Xdefaults file is quite long, I like true-type
fonts in my terminal like in Firefox and Leafpad so I specify those. I
also like scrolling and a light on dark colour scheme. There are much
more minimal .Xdefaults
files around.
OpenBSD running an X Windows session has hinting and sub-pixel rendering
available by default as the patent issues have been resolved. I have
added extra symlinks in my /etc/fonts/conf.d
directory as follows...
foo$ ls -l /etc/fonts/conf.d | cut -c 45-
10-autohint.conf -> /etc/fonts/conf.avail/10-autohint.conf
10-sub-pixel-rgb.conf -> /etc/fonts/conf.avail/10-sub-pixel-rgb.conf
11-lcdfilter-default.conf -> /etc/fonts/conf.avail/11-lcdfilter-default.conf
My .Xdefaults
file has some Xft specifications and jwm
is compiled with Xft support...
foo$ cat .Xdefaults | grep Xft
Xft.dpi: 96
Xft.autohint: 0
Xft.lcdfilter: lcddefault
Xft.hintstyle: hintslight
Xft.hinting: 1
Xft.antialias: 1
Xft.rgba: rgb
/etc/hosts
to block unwanted Web addressesSee man resolv.conf.tail
especially the description of the lookup
keyword.
OpenBSD's dhclient writes the nameserver address it receives into
/etc/resolv.conf
each time I connect to WiFi. If I want to
use the /etc/hosts
file as a way of blocking Web sites, I
have to add a /etc/resolv.conf.tail
file. That file needs
to tell dhclient to look and the hosts file before using DNS to look up
the IP of a Web address. My /etc/resolv.conf
file is
straight out of the handbook...
foo$ cat /etc/resolv.conf.tail lookup file bind
Popular lists of Web addresses to block such as the WinHelp hosts.txt can end up
with MS-DOS endings, so an extra carriage feed after the new line. Those
need removing before you copy the entries into /etc/hosts
.
I used sed
with in-place editing...
foo$ sed -i 's/^M$//g' ~/Downloads/hosts.txt
...the ^M
represents a carriage return and has to be entered using
Ctrl-V, Ctrl M not simply by typing the characters. I append this file to the default /etc/hosts
in base.
daily
, weekly
and monthly
scripts and locate
See man locate
and for instance man weekly
.
The locate
command can find any file on the computer very quickly by searching a database containing an index of all the files. The index is updated by running the /usr/libexec/locate.updatedb
command as root which I do now and again. Commands in libexec
are usually run by other programs and the directory does not appear in the search path.
OpenBSD base has a series of maintenance scripts that are timed to run daily, weekly and monthly if the computer is switched on 24/7. Desktop system users do not usually run these scripts. One of the things that /etc/weekly
does is to run the locate.updatedb
command. These commands also send email to root!
texlive-minimal
from packagesSee ports information for texlive-minimal.
Texlive 2019 is available in packages. The huge installation is split
over various packages as revealed by pkg_info -Q
texlive
...
foo# pkg_info -Q texlive texlive_base-2019p0 texlive_mktexlsr-2019 texlive_synctex-2019 texlive_texmf-buildset-2019 texlive_texmf-context-2019 texlive_texmf-docs-2019 texlive_texmf-full-2019 texlive_texmf-minimal-2019
Installing texlive_texmf-minimal-2019
brings the
binaries and buildset as dependancies and has been curated to give
similar functionality to tetex
. And you get clisp
2.49
as a dependency. The whole thing takes around an extra 800Mb
in /usr/local
.
Keith Burnett. Last modified: Thu Jul 2 20:51:24 BST 2020 | This is a Web page